A new report warns that rogue states, criminals and terrorists could use AI to launch devastating attacks in the digital, physical and political domains.
A harrowing new report highlights the risks posed by the malicious use of Artificial Intelligence in the digital, physical and political domains. The 26 experts behind the report come from more than a dozen institutions and organizations, including, Oxford University’s Future of Humanity Institute, Yale University’s Information Society Project, Elon Musk’s OpenAI and the Electronic Frontier Foundation.
The report suggests that the world is dangerously close to a time when rogue states, criminals and terrorists could use AI to launch nefarious attacks. Specific threats include the deliberate crashing of self-drive vehicles or drones, speech-synthesis to impersonate targets, and spear phishing.
Freely available technologies, such as those used by the deepfakes app, have brought home to many how AI might be used in the political arena to spread fake news and propaganda to sway public opinion. “We also expect novel attacks,” the authors warn, “that take advantage of an improved capacity to analyse human behaviours, moods and beliefs on the basis of available data.”
The authors recommend five high-level actions:
- Researchers and engineers must acknowledge the potential for misusing their work;
- Policymakers should work more closely with researchers to understand and prevent the attacks;
- AI researchers should learn from existing best practices in cyber security;
- Normative and ethical frameworks must become top priorities;
- A wider range of stakeholders and experts should be involved in efforts to understand, prevent and mitigate the growing threats.
International Standards reflect expert consensus on best practices and address real needs. They can provide powerful tools for identifying, avoiding and mitigating risks.
Here at the IEC, we have long been concerned about the threat of cyber attacks, including the emerging hacking risks faced by connected and automated cars. Our international experts are closely involved in the development of Standards relevant to cyber security through their work in ISO/IEC JTC 1/SC 27: IT security techniques.
This Subcommittee was set up by ISO/IEC JTC 1: Information technology, the Joint Technical Committee created by the IEC and ISO. It has published dozens of documents covering various aspects of IT security techniques, including the ISO/IEC 27000 family of Standards on information security management systems.
Another example is ISO/IEC 27019: Information technology – Security techniques – Information security controls for the energy utility industry
Several other series of IEC Standards are relevant to the protection of communication networks, control systems and power installations against cyber threats. They include:
- IEC 62443: Industrial automation and control systems security (IACS) – Network and system security
- IEC 62645: Nuclear power plants – Instrumentation and control systems – Requirements for security programmes for computer-based systems
- IEC 61850: Communication networks and systems for power utility automation
- IEC 60870: Telecontrol equipment and systems
- IEC 62351: Power systems management and associated information exchange
- IEC 62859: Nuclear power plants – Instrumentation and control systems – Requirements for coordinating safety and cybersecurity
As hackers continue to pose a growing threat, it is essential that IT staff have the required training, knowledge and skills. The work of the Committee on conformity assessment (CASCO) — a joint effort by ISO and IEC — is vital to the process of determining whether an organization meets the requirements related to its technical competence in this area.